The O'Reilly Radar Podcast: Mike Belshe on making bitcoin secure and easy enough for the mainstream.

In this week’s O’Reilly Radar Podcast episode, I caught up with Mike Belshe, CTO and co-founder of BitGo, a company that has developed a multi-signature wallet that works with bitcoin. Belshe talks about the security issues addressed by multi-signature wallets, how the technology works, and the challenges in bringing cryptocurrencies mainstream. We also talk about his journey into the bitcoin world, and he chimes in on what money will look like in the future. Belshe will address the topics of security and multi-signature technology at our upcoming Bitcoin & the Blockchain Radar Summit on January 27, 2015, in San Francisco — for more on the program and registration information, visit our Bitcoin & the Blockchain website.

Multi-signature technology is exactly what it sounds like: instead of authorizing bitcoin transactions with a single signature and a single key (the traditional method), it requires multiple signatures and/or multiple machines — and any combination thereof. The concept initially was developed as a solution for malware. Belshe explains:

“I’m fully convinced that the folks who have been writing various types of malware that steal fairly trivial identity information — logins and passwords that they sell super cheap — they are retooling their viruses, their scanners, their key loggers for bitcoin. We’ve seen evidence of that over the last 12 months, for sure. Without multi-signature, if you do a bitcoin transaction on a machine that’s got any of this bad stuff on it, you’re pretty much toast. Multi-signature was my hope to fix that. What we do is make one signature happen on the server machine, one signature happen on the client machine, your home machine. That way the attacker has to actually compromise two totally different systems in order to steal your bitcoin. That’s what multi-signature is about.”

Securing bitcoin is challenging because bitcoin is not an abstract reference to value, like a balance in a bank account. Bitcoin is very much like digital cash or gold. You’ve probably heard the expression “Possession is nine tenths of the law.” Well, in bitcoin, possession is ten tenths of the law. Possession of the keys to unlock the bitcoin is equivalent to possession of cash or a chunk of precious metal. You can lose it, misplace it, have it stolen, or accidentally give the wrong amount to someone. In every one of those cases, end users would have no recourse, just as if they dropped cash on a public sidewalk.

However, bitcoin has capabilities that cash, gold, and bank accounts do not. A bitcoin wallet, containing your keys, can be backed up like any file. It can be stored in multiple copies, even printed on paper for hardcopy backup. You can’t “back up” cash, gold, or bank accounts. Bitcoin is different enough from anything that has come before that we need to think about bitcoin security in a novel way too.

Security principles

The core principle in bitcoin is decentralization and it has important implications for security. A centralized model, such as a traditional bank or payment network, depends on access control and vetting to keep bad actors out of the system. By comparison, a decentralized system like bitcoin pushes the responsibility and control to the end users. Because security of the network is based on Proof-Of-Work, not access control, the network can be open and no encryption is required for bitcoin traffic.

Google’s Philosopher — interesting take on privacy. Now that the mining and manipulation of personal information has spread to almost all aspects of life, for instance, one of the most common such questions is, “Who owns your data?” According to Floridi, it’s a misguided query. Your personal information, he argues, should be considered as much a part of you as, say, your left arm. “Anything done to your information,” he has written, “is done to you, not to your belongings.” Identity theft and invasions of privacy thus become more akin to kidnapping than stealing or trespassing. Informational privacy is “a fundamental and inalienable right,” he argues, one that can’t be overridden by concerns about national security, say, or public safety. “Any society (even a utopian one) in which no informational privacy is possible,” he has written, “is one in which no personal identity can be maintained.”

S-1 for a Bitcoin Trust (SEC) — always interesting to read through the risks list to see what’s there and what’s not.

Computationally Modelling Human Emotion (ACM) — our work seeks to create true synergies between computational and psychological approaches to understanding emotion. We are not satisfied simply to show our models “fit” human data but rather seek to show they are generative in the sense of producing new insights or novel predictions that can inform understanding. From this perspective, computational models are simply theories, albeit more concrete ones that afford a level of hypothesis generation and experimentation difficult to achieve through traditional theories.

Opinion Formation Models on a Gradient (PLoSONE) — Many opinion formation models embedded in two-dimensional space have only one stable solution, namely complete consensus, in particular when they implement deterministic rules. In reality, however, deterministic social behavior and perfect agreement are rare – at least one small village of indomitable Gauls always holds out against the Romans. […] In this article we tackle the open question: can opinion dynamics, with or without a stochastic element, fundamentally alter percolation properties such as the clusters’ fractal dimensions or the cluster size distribution? We show that in many cases we retrieve the scaling laws of independent percolation. Moreover, we also give one example where a slight change of the dynamic rules leads to a radically different scaling behavior.

The blockchain data structure is an ordered back-linked list of blocks of transactions. The blockchain can be stored as a flat file, or in a simple database. The bitcoin core client stores the blockchain metadata using Google’s LevelDB database. Blocks are linked “back,” each referring to the previous block in the chain. The blockchain is often visualized as a vertical stack, with blocks layered on top of each other and the first block serving as the foundation of the stack. The visualization of blocks stacked on top of each other results in the use of terms like “height” to refer to the distance from the first block, and “top” or “tip” to refer to the most recently added block.

Each block within the blockchain is identified by a hash, generated using the SHA256 cryptographic hash algorithm on the header of the block. Each block also references a previous block, known as the parent block, through the “previous block hash” field in the block header. In other words, each block contains the hash of its parent inside its own header. The sequence of hashes linking each block to its parent creates a chain going back all the way to the first block ever created, known as the genesis block.
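The back-linking described above can be checked mechanically. The following is an added example, not code from the original article or from the bitcoin core client: it builds 80-byte headers in Bitcoin's header field order, hashes each with SHA-256 applied twice (as Bitcoin does), and walks the parent references to find where a rewritten block breaks the chain. The helper names, sample payloads, and the single-hash stand-in for the merkle root are assumptions made for illustration.

```python
import hashlib
import struct

def header_hash(header: bytes) -> bytes:
    """Block identifier: SHA-256 applied twice over the 80-byte header."""
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()

def make_header(prev_hash: bytes, merkle_root: bytes, timestamp: int, nonce: int) -> bytes:
    # Field order: version | previous block hash | merkle root | time | bits | nonce
    return struct.pack("<I32s32sIII", 1, prev_hash, merkle_root, timestamp, 0x1D00FFFF, nonce)

def prev_hash_of(header: bytes) -> bytes:
    """Extract the 'previous block hash' field (bytes 4..36 of the header)."""
    return header[4:36]

def build_chain(payloads):
    """Constructed sample chain; each payload stands in for a block's transactions."""
    chain, prev = [], b"\x00" * 32  # the genesis block has no parent
    for height, payload in enumerate(payloads):
        root = hashlib.sha256(payload).digest()  # stand-in for a real merkle root
        header = make_header(prev, root, 1231006505 + 600 * height, height)
        chain.append(header)
        prev = header_hash(header)
    return chain

def first_broken_link(chain):
    """Height of the first block whose parent reference does not match, else None."""
    for height in range(1, len(chain)):
        if prev_hash_of(chain[height]) != header_hash(chain[height - 1]):
            return height
    return None

def tamper(chain, height, new_payload):
    """Rewrite one block's contents without re-linking its descendants."""
    forged = list(chain)
    old = chain[height]
    forged[height] = old[:36] + hashlib.sha256(new_payload).digest() + old[68:]
    return forged

if __name__ == "__main__":
    # Constructed sample data, not real transactions.
    chain = build_chain([b"genesis", b"alice->bob 1", b"bob->carol 1", b"carol->dave 1"])
    print("intact chain, broken link at:", first_broken_link(chain))
    print("block 1 rewritten, broken link at:", first_broken_link(tamper(chain, 1, b"changed")))
```

Rewriting block 1 is detected at block 2, because block 2 still carries the hash of the original block 1. The tip has no child yet, so back-links alone say nothing about a rewritten tip.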

Bitcoin is a collection of concepts and technologies that form the basis of a digital money ecosystem. Units of currency called bitcoins are used to store and transmit value among participants in the bitcoin network. Bitcoin users communicate with each other using the bitcoin protocol, primarily via the Internet, although other transport networks can also be used. The bitcoin protocol stack, available as open source software, can be run on a wide range of computing devices, including laptops and smartphones, making the technology easily accessible.

Users can transfer bitcoin over the network to do just about anything that can be done with conventional currencies, such as buy and sell goods, send money to people or organizations, or extend credit. Bitcoin technology includes features that are based on encryption and digital signatures to ensure the security of the bitcoin network. Bitcoins can be purchased, sold, and exchanged for other currencies at specialized currency exchanges. Bitcoin, in a sense, is the perfect form of money for the Internet because it is fast, secure, and borderless.

Clustering Bitcoin Accounts Using Heuristics (O’Reilly Radar) — In theory, a user can go by many different pseudonyms. If that user is careful and keeps the activity of those different pseudonyms separate, completely distinct from one another, then they can really maintain a level of, maybe not anonymity, but again, cryptographically it’s called pseudo-anonymity. […] It turns out in reality, though, the way most users and services are using bitcoin, was really not following any of the guidelines that you would need to follow in order to achieve this notion of pseudo-anonymity. So, basically, what we were able to do is develop certain heuristics for clustering together different public keys, or different pseudonyms.

A Primer on Hardware Security: Models, Methods, and Metrics (PDF) — Camouflaging: This is a layout-level technique to hamper image-processing-based extraction of gate-level netlist. In one embodiment of camouflaging, the layouts of standard cells are designed to look alike, resulting in incorrect extraction of the netlist. The layout of nand cell and the layout of nor cell look different and hence their functionality can be extracted. However, the layout of a camouflaged nand cell and the layout of camouflaged nor cell can be made to look identical and hence an attacker cannot unambiguously extract their functionality.

Prompter: A Domain-Specific Language for Versu (PDF) — literally a scripting language (you write theatrical-style scripts, characters, dialogues, and events) for an inference engine that lets you talk to characters and have a different story play out each time.

As some of these service providers reach a certain scale, they will start coming under the scrutiny of regulators. Certain tenets are likely to remain: currencies require continuous liquidity and large financial institutions need access to the lender of last resort.

There are also cultural norms that take time to change. Take the example of notaries, whose services seem amenable to being replaced by blockchain technologies. Such a wholesale change would entail adjusting rules and norms across localities, which means going up against the lobbying efforts of established incumbents.

“Traditional models for financial payment networks and banking rely on centralized control in order to provide security. The architecture of a traditional financial network is built around a central authority, such as a clearinghouse. As a result, security and authority have to be vested in that central actor. The resulting security model looks like a series of concentric circles with very limited access to the center and increasing access as we move farther away from the center. However, even the outermost circle cannot afford open access.

Bitcoin is more than just a currency. Here’s a look at what it is and what it isn’t.

Conrad Barski and Chris Wilmer, authors of Bitcoin for the Befuddled, recently hosted a webcast discussing exactly what bitcoin is (and what it isn’t), how it’s used, how businesses can use it, and some of the disruptive opportunities that bitcoin offers entrepreneurs.

They presented an overview that clears up some of the misconceptions about bitcoin.

Chris Clark on the blockchain's potential to disrupt the financial industry, from contracts to mortgages to government taxation.

Bitcoin has come a long way from initially being perceived as a pipe dream or fake money. In a recent interview, Chris Clark, a software developer, entrepreneur, physicist, and author of Bitcoin Internals, recalled a story of one of the first bitcoin transactions: someone was congratulated on their “free pizza” after paying in the neighborhood of 10,000 bitcoins for two pizzas. “Now that would be worth, I don’t know, like millions of dollars,” noted Clark.

While Clark said he regrets not getting involved in bitcoin back in 2010-2011, when “bitcoins were super cheap,” he has since researched and written a technical guide to bitcoin, Bitcoin Internals, and expanded his research into the blockchain, looking at the value of blockchain technology for businesses and the potential impacts of decentralization. In our conversation, he described the direction of the technology's early evolution:

“Right now, we can see that people are kind of looking at bitcoin mostly as just a regular payment system. While I do think that’s definitely a very important innovation, what we’re seeing is a lot of new technologies coming out that are more about things like smart contracts and decentralized organizations, which are right now really in their infancy. I think that those are actually going to be much bigger in overall impact than the payment system itself.”

Introducing Bitcoin & the Blockchain: An O’Reilly Radar Summit

When the creators of bitcoin solved the “double spend” problem in a decentralized manner, they introduced techniques that have implications far beyond digital currency. Our newly announced one-day event — Bitcoin & the Blockchain: An O’Reilly Radar Summit — is in line with our tradition of highlighting applications of developments in computer science. Financial services have long relied on centralized solutions, so in many ways, products from this sector have become canonical examples of the developments we plan to cover over the next few months. But many problems that require an intermediary are being reexamined with techniques developed for bitcoin.

“Bitcoin is a combination of several innovations, arranged in a novel way: a peer-to-peer network, a proof-of-work algorithm, a distributed timestamped accounting ledger, and an elliptic-curve cryptography and key infrastructure. Each of these parts is novel on its own, but the combination and specific arrangement was revolutionary for its time and is beginning to show up in more innovations outside bitcoin itself.”
